How to prevent mixed content and insecure warnings from web browsers ?


When listeners tune in to my stream, a warning shows up in the browser's address bar with the message "mixed content" or "not secure". How can I stop these warning messages from showing up ?


Modern web browsers will show such alerts, when the content (or a portion of it) being displayed has not been encrypted using secure socket layer or SSL. To prevent these alerts from showing up, all elements in your website must be encrypted, this includes the audio data coming from Shoutcast or Icecast.

As for version 3.2.14, Centova Cast offers full support for encrypting the audio stream of your station(s) using SSL.

The recommended method for serving encrypted audio streams, would be to set up Centova Cast's stream proxy. You will find the procedure for that at the link below.


After the stream proxy has been successfully set up, you will need to enable proxy support for an account under settings > limits, then tune-in links for the proxy will be displayed both on the stream's Quick Links page as well as on the stream's start page.

Shoutcast/Icecast Native SSL support

Both Shoutcast (v2.6+) and Icecast (v2.4+) have implemented native support for SSL (also supported by Centova Cast as of v3.2.14), which allows for per-station individual SSL configuration by end-users. End-users looking to use their own domain names for SSL enabled raw tune-in links can use this feature.

How do I enable native SSL support access for users ?

1.- Login as administrator, then go the station's settings, and enable "Allow native TLS:" under the TLS/SSL tab.
2.- Set the user's domain name under settings > stream > hostname

What are the requirements for setting up native SSL support ?

1.- A Domain or sub-domain pointed at the station's IP address
2.- An SSL certificate issued to the domain or sub-domain by a trusted authority

3.- (Shoutcast only) In addition to the above, Shoutcast 2 stations will also require a "Premium You host!" license purchased directly at

How do users set up native SSL support ?

(Shoutcast 2 only)

For Shoutcast 2 stations, first the user will need to enter the premium license details under settings > Shoutcast, then restart the station.

Once the premium license is set, or if using Icecast 2:

1.- In the station's settings, set the "Enable native TLS:" option to Yes.
2.- Enter the SSL certificate followed the CA-Bundle in the "Certificate chain:" box
3.- Enter the certificate's private key in the "Certificate private key:" box
4.- Click the "Test TLS" configuration button to make sure the certificate is valid and matches the domain name
5.- Click the update button to save the settings, then restart the station.

How do listeners tune in via native TLS/SSL ?

Once native TLS has been successfully set up, new TLS tune-in links will be displayed under the Quick Links section.